feat(amplify): support custom certificate (#30791)
### Issue # (if applicable)

Closes #30594.

### Reason for this change
To use a custom domain for Amplify by setting a custom certificate.


### Description of changes
Add `customCertificate` property.


### Description of how you validated changes
Add unit test and integ test.


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
mazyu36 authored Aug 14, 2024
1 parent 768145c commit 8d76778
Showing 13 changed files with 1,062 additions and 0 deletions.
11 changes: 11 additions & 0 deletions packages/@aws-cdk/aws-amplify-alpha/README.md
Expand Up @@ -138,6 +138,17 @@ domain.mapSubDomain(main, 'www');
domain.mapSubDomain(dev); // sub domain prefix defaults to branch name
```

To specify a custom certificate for your custom domain use the `customCertificate` property:

```ts
declare const customCertificate: acm.Certificate;
declare const amplifyApp: amplify.App;

const domain = amplifyApp.addDomain('example.com', {
customCertificate, // set your custom certificate
});
```

## Restricting access

Password protect the app with basic auth by specifying the `basicAuth` prop.
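Review bot: The added README example declares `customCertificate` as `acm.Certificate`, while the prop introduced in `lib/domain.ts` is typed `acm.ICertificate`; declare it as `acm.ICertificate` so readers see that an imported certificate is accepted as well. The introductory sentence should also state which names the certificate has to cover, because the example attaches it to `example.com` without saying whether subdomains added through `mapSubDomain` must be on it.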
12 changes: 12 additions & 0 deletions packages/@aws-cdk/aws-amplify-alpha/lib/domain.ts
@@ -1,3 +1,4 @@
import * as acm from 'aws-cdk-lib/aws-certificatemanager';
import * as iam from 'aws-cdk-lib/aws-iam';
import { Lazy, Resource, IResolvable } from 'aws-cdk-lib/core';
import { Construct } from 'constructs';
Expand Down Expand Up @@ -36,6 +37,13 @@ export interface DomainOptions {
* @default - all repository branches ['*', 'pr*']
*/
readonly autoSubdomainCreationPatterns?: string[];

/**
* The type of SSL/TLS certificate to use for your custom domain
*
* @default - Amplify uses the default certificate that it provisions and manages for you
*/
readonly customCertificate?: acm.ICertificate;
}

/**
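Review bot: The doc comment on `customCertificate` reads "The type of SSL/TLS certificate", but the prop takes an `acm.ICertificate`, not a type; the `CUSTOM` type is derived from its presence. Reword it along the lines of "The custom SSL/TLS certificate to use for your custom domain", and document in the same comment any requirement the certificate must meet for the domain and its subdomains.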
Expand Down Expand Up @@ -130,6 +138,10 @@ export class Domain extends Resource {
enableAutoSubDomain: !!props.enableAutoSubdomain,
autoSubDomainCreationPatterns: props.autoSubdomainCreationPatterns || ['*', 'pr*'],
autoSubDomainIamRole: props.autoSubDomainIamRole?.roleArn,
certificateSettings: props.customCertificate ? {
certificateType: 'CUSTOM',
customCertificateArn: props.customCertificate.certificateArn,
} : undefined,
});

this.arn = domain.attrArn;
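Review bot: The `certificateSettings` ternary forwards `props.customCertificate.certificateArn` with no check relating the certificate to `domainName` or the configured subdomains, so a mismatched certificate would not be caught at synth time. If such a check is not feasible for an `ICertificate`, say so in the prop documentation. A short comment on why the unset case emits `undefined` rather than an explicit certificate type would also help, since that decides what the template contains when a user later removes `customCertificate`.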
Expand Up @@ -2,6 +2,7 @@
import { SecretValue, Stack } from 'aws-cdk-lib';
import { Construct } from 'constructs';
import * as amplify from '@aws-cdk/aws-amplify-alpha';
import * as acm from 'aws-cdk-lib/aws-certificatemanager';

class Fixture extends Stack {
constructor(scope: Construct, id: string) {
73 changes: 73 additions & 0 deletions packages/@aws-cdk/aws-amplify-alpha/test/domain.test.ts
@@ -1,4 +1,5 @@
import { Template } from 'aws-cdk-lib/assertions';
import * as acm from 'aws-cdk-lib/aws-certificatemanager';
import * as iam from 'aws-cdk-lib/aws-iam';
import { App, SecretValue, Stack } from 'aws-cdk-lib';
import * as amplify from '../lib';
Expand Down Expand Up @@ -64,6 +65,78 @@ test('create a domain', () => {
});
});

test('create a domain with custom certificate', () => {
// GIVEN
const stack = new Stack();
const app = new amplify.App(stack, 'App', {
sourceCodeProvider: new amplify.GitHubSourceCodeProvider({
owner: 'aws',
repository: 'aws-cdk',
oauthToken: SecretValue.unsafePlainText('secret'),
}),
});
const prodBranch = app.addBranch('main');
const devBranch = app.addBranch('dev');

const customCertificate = new acm.Certificate(stack, 'Cert', {
domainName: '*.example.com',
});

// WHEN
const domain = app.addDomain('example.com', {
subDomains: [
{
branch: prodBranch,
prefix: 'prod',
},
],
customCertificate,
});
domain.mapSubDomain(devBranch);

// THEN
Template.fromStack(stack).hasResourceProperties('AWS::Amplify::Domain', {
AppId: {
'Fn::GetAtt': [
'AppF1B96344',
'AppId',
],
},
DomainName: 'example.com',
CertificateSettings: {
CertificateType: 'CUSTOM',
CustomCertificateArn: {
Ref: 'Cert5C9FAEC1',
},
},
SubDomainSettings: [
{
BranchName: {
'Fn::GetAtt': [
'AppmainF505BAED',
'BranchName',
],
},
Prefix: 'prod',
},
{
BranchName: {
'Fn::GetAtt': [
'AppdevB328DAFC',
'BranchName',
],
},
Prefix: {
'Fn::GetAtt': [
'AppdevB328DAFC',
'BranchName',
],
},
},
],
});
});

test('map a branch to the domain root', () => {
// GIVEN
const stack = new Stack();
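Review bot: The new test 'create a domain with custom certificate' covers only the case where the prop is set. Add a case asserting that `CertificateSettings` is absent from `AWS::Amplify::Domain` when `customCertificate` is omitted, and one that passes an imported certificate (for example from `acm.Certificate.fromCertificateArn`), since the prop is typed `acm.ICertificate` but only a concrete `acm.Certificate` is exercised. The certificate is issued for `*.example.com` while `DomainName` is `example.com`; a wildcard name does not match the apex, so either add the apex to the certificate in the test or comment on why the pairing is intended.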